In "Recent Activity", eliminate "Sign Out".
It makes no sense to allow someone to "sign out" an entry in the "Recent Activity" list. If I can sign out (and eliminate the listing of a session) then so can someone that's compromised my account.
Also, "sign out" is a bit misleading. It sounds like the user may still be logged in somewhere (even if they've most certainly logged out). It should just be called "delete", because that's more apt to what you're doing. But again, I don't think being able to delete entries from this list aligns with the goal of a recent activity log.
I would like to see the entire "Recent Activity" section re-designed (for the better, not the usual Yahoo "take two steps back" plan of attack), but that's an entirely separate feature suggestion.
the security features is lacking and recent actvty is pretty much useless
Recent activity should also include login attempts. I'm sure this list would be lengthy, but it would be very useful. Especially when Y! makes you do additional tasks before logging in because they've "detected unusual activity". So tell me what that abnormal activity was. That way I can make a determination as to how severe of a threat it was, and take steps to prevent a compromise.
Hey Guys, Yo Wuts Up? commented
The recent activity area should just be a plain text data table with all the applicable info listed (ip, device, time, date, etc). No ability to delete. Maybe have it auto-delete ones that are 60 or 90 days old. It doesn't need to be "fancy" with graphics or pop-up details (as it is currently), just present the info in a clean, unobstructed way. Being able to scan that list quickly to see any irregularities is the most important aspect. As well as having as much info presented, as possible.
Yahoo, make it easy for us to see if someone has been messing with our accounts and get out of the way!
I think even Windows/Hotmail/Live has a better "Recent Activity" log. Yahoo should look around at other implementations of this feature (Gmail, Win/HM/Live, banks, Facebook, etc) and make improvements to theirs. Considering how often they allow break-ins into their account info database, it's the least they could do to help users secure their accounts.
It even says "See something suspicious? Change your password" at the top of the Recent Activity page. But if someone can just delete all the footprints, how are users supposed to notice anything suspicious??